|
One of our readers has come across traffic leaving the network with a destination of CN and a destination port of tcp 8520. If you are seeing the same I'd like to know, even better if you have a capture of the traffic including the payload that would be great. Cheers Mark H |
Mark 392 Posts ISC Handler Feb 15th 2013 |
| Thread locked Subscribe |
Feb 15th 2013 9 years ago |
|
Do you have IP ranges? I can search on tcp port, but not CN
|
John 88 Posts |
| Quote |
Feb 15th 2013 9 years ago |
|
61.131/16 should get you something. Unfortunately not able to provide a closer range. - MH
|
Mark 392 Posts ISC Handler |
| Quote |
Feb 15th 2013 9 years ago |
|
123.x.x.x generally - but 121.x.x.x through 125.x.x.x should be asia-pacific
|
Mark 6 Posts |
| Quote |
Feb 15th 2013 9 years ago |
|
Found this on Speednet:
http://www.speedguide.net/port.php?port=8520 |
netsec_ct 1 Posts |
| Quote |
Feb 15th 2013 9 years ago |
|
This is not 2-way traffic? There is a callback of a specific group's RAT associated with that port.
|
Anonymous |
| Quote |
Feb 15th 2013 9 years ago |
|
Didn't find anything--I guess that's good
|
John 88 Posts |
| Quote |
Feb 16th 2013 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
